21112023_0007_RIRS[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

21112023_0007_RIRS.zip
Size

1.7MB
MD5

24b6e579903a10857e0196f49feb5e31
SHA1

98ed3d2872c169bff4de6bf0e08def4cb6fe063d
SHA256

a13a66488151b47508a2dd043f8010ad91b96638c0b1a6f83ebbb82c4cb4fc5e
SHA512

bc388dcca844c2839c128313df5b9f44734e64d009e0749010413904372c4d3635f701bd8e341433740aab1b1c8005df9648ed6bdf83cc87b1ed9ceff060e8f2
SSDEEP

49152:iUWY2+P3eKWjZg+/TkCDAFWMpzTVg2jW+Kr0DKBXIeX5jY:ie2+PuKWlg+LunpzW2yDrCWvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RIRS.dll

Files

21112023_0007_RIRS.zip
.zip

Password: infected
RIRS.dll
.dll windows:6 windows x86 arch:x86

Password: infected

f25ba11cc2f9d886b0989a9c392d11cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

getaddrinfo
sendto
recvfrom
WSASetLastError
send
recv
shutdown
socket
setsockopt
listen
connect
closesocket
bind
accept
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
getsockopt
getsockname
ioctlsocket
getnameinfo
freeaddrinfo
ntohs

advapi32

CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

kernel32

GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetStringTypeW
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFullPathNameW
GetCurrentDirectoryW
SetFileAttributesW
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetOEMCP
TlsFree
GetFileAttributesExW
HeapReAlloc
SetFilePointerEx
FlushFileBuffers
ConvertFiberToThread
ConvertThreadToFiber
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
CloseHandle
FreeLibrary
LoadLibraryA
LoadLibraryW
GetModuleHandleExW
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetStdHandle
InterlockedFlushSList
LoadLibraryExW
RtlUnwind
ReadFile
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
RaiseException
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetConsoleCP
CompareStringW
LCMapStringW

Exports

Exports

CCCESS_DESCRIPTION_free
CCCESS_DESCRIPTION_it
CCCESS_DESCRIPTION_new
CES_bi_ige_encrypt
CES_cbc_encrypt
CES_cfb128_encrypt
CES_cfb1_encrypt
CES_cfb8_encrypt
CES_decrypt
CES_ecb_encrypt
CES_encrypt
CES_ige_encrypt
CES_ofb128_encrypt
CES_options
CES_set_decrypt_key
CES_set_encrypt_key
CES_unwrap_key
CES_wrap_key
CSIdOrRange_free
CSIdOrRange_it
CSIdOrRange_new
CSIdentifierChoice_free
CSIdentifierChoice_it
CSIdentifierChoice_new
CSIdentifiers_free
CSIdentifiers_it
CSIdentifiers_new
CSN1_ANY_it
CSN1_BIT_STRING_check
CSN1_BIT_STRING_free
CSN1_BIT_STRING_get_bit
CSN1_BIT_STRING_it
CSN1_BIT_STRING_name_print
CSN1_BIT_STRING_new
CSN1_BIT_STRING_num_asc
CSN1_BIT_STRING_set
CSN1_BIT_STRING_set_asc
CSN1_BIT_STRING_set_bit
CSN1_BMPSTRING_free
CSN1_BMPSTRING_it
CSN1_BMPSTRING_new
CSN1_BOOLEAN_it
CSN1_ENUMERATED_free
CSN1_ENUMERATED_get
CSN1_ENUMERATED_get_int64
CSN1_ENUMERATED_it
CSN1_ENUMERATED_new
CSN1_ENUMERATED_set
CSN1_ENUMERATED_set_int64
CSN1_ENUMERATED_to_BN
CSN1_FBOOLEAN_it
CSN1_GENERALIZEDTIME_adj
CSN1_GENERALIZEDTIME_check
CSN1_GENERALIZEDTIME_free
CSN1_GENERALIZEDTIME_it
CSN1_GENERALIZEDTIME_new
CSN1_GENERALIZEDTIME_print
CSN1_GENERALIZEDTIME_set
CSN1_GENERALIZEDTIME_set_string
CSN1_GENERALSTRING_free
CSN1_GENERALSTRING_it
CSN1_GENERALSTRING_new
CSN1_IA5STRING_free
CSN1_IA5STRING_it
CSN1_IA5STRING_new
CSN1_INTEGER_cmp
CSN1_INTEGER_dup
CSN1_INTEGER_free
CSN1_INTEGER_get
CSN1_INTEGER_get_int64
CSN1_INTEGER_get_uint64
CSN1_INTEGER_it
CSN1_INTEGER_new
CSN1_INTEGER_set
CSN1_INTEGER_set_int64
CSN1_INTEGER_set_uint64
CSN1_INTEGER_to_BN
CSN1_NULL_free
CSN1_NULL_it
CSN1_NULL_new
CSN1_OBJECT_create
CSN1_OBJECT_free
CSN1_OBJECT_it
CSN1_OBJECT_new
CSN1_OCTET_STRING_NDEF_it
CSN1_OCTET_STRING_cmp
CSN1_OCTET_STRING_dup
CSN1_OCTET_STRING_free
CSN1_OCTET_STRING_it
CSN1_OCTET_STRING_new
CSN1_OCTET_STRING_set
CSN1_PCTX_free
CSN1_PCTX_get_cert_flags
CSN1_PCTX_get_flags
CSN1_PCTX_get_nm_flags
CSN1_PCTX_get_oid_flags
CSN1_PCTX_get_str_flags
CSN1_PCTX_new
CSN1_PCTX_set_cert_flags
CSN1_PCTX_set_flags
CSN1_PCTX_set_nm_flags
CSN1_PCTX_set_oid_flags
CSN1_PCTX_set_str_flags
CSN1_PRINTABLESTRING_free
CSN1_PRINTABLESTRING_it
CSN1_PRINTABLESTRING_new
CSN1_PRINTABLE_free
CSN1_PRINTABLE_it
CSN1_PRINTABLE_new
CSN1_PRINTABLE_type
CSN1_SCTX_free
CSN1_SCTX_get_app_data
CSN1_SCTX_get_flags
CSN1_SCTX_get_item
CSN1_SCTX_get_template
CSN1_SCTX_new
CSN1_SCTX_set_app_data
CSN1_SEQUENCE_ANY_it
CSN1_SEQUENCE_it
CSN1_SET_ANY_it
CSN1_STRING_TABLE_add
CSN1_STRING_TABLE_cleanup
CSN1_STRING_TABLE_get
CSN1_STRING_clear_free
CSN1_STRING_cmp
CSN1_STRING_copy
CSN1_STRING_data
CSN1_STRING_dup
CSN1_STRING_free
CSN1_STRING_get0_data
CSN1_STRING_get_default_mask
CSN1_STRING_length
CSN1_STRING_length_set
CSN1_STRING_new
CSN1_STRING_print
CSN1_STRING_print_ex
CSN1_STRING_print_ex_fp
CSN1_STRING_set
CSN1_STRING_set0
CSN1_STRING_set_by_NID
CSN1_STRING_set_default_mask
CSN1_STRING_set_default_mask_asc
CSN1_STRING_to_UTF8
CSN1_STRING_type
CSN1_STRING_type_new
CSN1_T61STRING_free
CSN1_T61STRING_it
CSN1_T61STRING_new
CSN1_TBOOLEAN_it
CSN1_TIME_adj
CSN1_TIME_check
CSN1_TIME_diff
CSN1_TIME_free
CSN1_TIME_it
CSN1_TIME_new
CSN1_TIME_print
CSN1_TIME_set
CSN1_TIME_set_string
CSN1_TIME_to_generalizedtime
CSN1_TYPE_cmp
CSN1_TYPE_free
CSN1_TYPE_get
CSN1_TYPE_get_int_octetstring
CSN1_TYPE_get_octetstring
CSN1_TYPE_new
CSN1_TYPE_pack_sequence
CSN1_TYPE_set
CSN1_TYPE_set1
CSN1_TYPE_set_int_octetstring
CSN1_TYPE_set_octetstring
CSN1_TYPE_unpack_sequence
CSN1_UNIVERSALSTRING_free
CSN1_UNIVERSALSTRING_it
CSN1_UNIVERSALSTRING_new
CSN1_UNIVERSALSTRING_to_string
CSN1_UTCTIME_adj
CSN1_UTCTIME_check
CSN1_UTCTIME_cmp_time_t
CSN1_UTCTIME_free
CSN1_UTCTIME_it
CSN1_UTCTIME_new
CSN1_UTCTIME_print
CSN1_UTCTIME_set
CSN1_UTCTIME_set_string
CSN1_UTF8STRING_free
CSN1_UTF8STRING_it
CSN1_UTF8STRING_new
CSN1_VISIBLESTRING_free
CSN1_VISIBLESTRING_it
CSN1_VISIBLESTRING_new
CSN1_add_oid_module
CSN1_add_stable_module
CSN1_bn_print
CSN1_buf_print
CSN1_check_infinite_end
CSN1_const_check_infinite_end
CSN1_d2i_bio
CSN1_d2i_fp
CSN1_digest
CSN1_dup
CSN1_generate_nconf
CSN1_generate_v3
CSN1_get_object
CSN1_i2d_bio
CSN1_i2d_fp
CSN1_item_d2i
CSN1_item_d2i_bio
CSN1_item_d2i_fp
CSN1_item_digest
CSN1_item_dup
CSN1_item_ex_d2i
CSN1_item_ex_free
CSN1_item_ex_i2d
CSN1_item_ex_new
CSN1_item_free
CSN1_item_i2d
CSN1_item_i2d_bio
CSN1_item_i2d_fp
CSN1_item_ndef_i2d
CSN1_item_new
CSN1_item_pack
CSN1_item_print
CSN1_item_sign
CSN1_item_sign_ctx
CSN1_item_unpack
CSN1_item_verify
CSN1_mbstring_copy
CSN1_mbstring_ncopy
CSN1_object_size
CSN1_parse
CSN1_parse_dump
CSN1_put_eoc
CSN1_put_object
CSN1_sign
CSN1_str2mask
CSN1_tag2bit
CSN1_tag2str
CSN1_verify
CSRange_free
CSRange_it
CSRange_new
CSYNC_WAIT_CTX_clear_fd
CSYNC_WAIT_CTX_free
CSYNC_WAIT_CTX_get_all_fds
CSYNC_WAIT_CTX_get_changed_fds
CSYNC_WAIT_CTX_get_fd
CSYNC_WAIT_CTX_new
CSYNC_WAIT_CTX_set_wait_fd
CSYNC_block_pause
CSYNC_cleanup_thread
CSYNC_get_current_job
CSYNC_get_wait_ctx
CSYNC_init_thread
CSYNC_is_capable
CSYNC_pause_job
CSYNC_start_job
CSYNC_unblock_pause
CUTHORITY_INFO_ACCESS_free
CUTHORITY_INFO_ACCESS_it
CUTHORITY_INFO_ACCESS_new
CUTHORITY_KEYID_free
CUTHORITY_KEYID_it
CUTHORITY_KEYID_new
CASIC_CONSTRAINTS_free
CASIC_CONSTRAINTS_it
CASIC_CONSTRAINTS_new
CF_cbc_encrypt
CF_cfb64_encrypt
CF_decrypt
CF_ecb_encrypt
CF_encrypt
CF_ofb64_encrypt
CF_options
CF_set_key
CIGNUM_it
CIO_ADDRINFO_address
CIO_ADDRINFO_family
CIO_ADDRINFO_free
CIO_ADDRINFO_next
CIO_ADDRINFO_protocol
CIO_ADDRINFO_socktype
CIO_ADDR_clear
CIO_ADDR_family
CIO_ADDR_free
CIO_ADDR_hostname_string
CIO_ADDR_new
CIO_ADDR_path_string
CIO_ADDR_rawaddress
CIO_ADDR_rawmake
CIO_ADDR_rawport
CIO_ADDR_service_string
CIO_accept
CIO_accept_ex
CIO_asn1_get_prefix
CIO_asn1_get_suffix
CIO_asn1_set_prefix
CIO_asn1_set_suffix
CIO_callback_ctrl
CIO_clear_flags
CIO_closesocket
CIO_connect
CIO_copy_next_retry
CIO_ctrl
CIO_ctrl_get_read_request
CIO_ctrl_get_write_guarantee
CIO_ctrl_pending
CIO_ctrl_reset_read_request
CIO_ctrl_wpending
CIO_debug_callback
CIO_dgram_non_fatal_error
CIO_dump
CIO_dump_cb
CIO_dump_fp
CIO_dump_indent
CIO_dump_indent_cb
CIO_dump_indent_fp
CIO_dup_chain
CIO_f_asn1
CIO_f_base64
CIO_f_buffer
CIO_f_cipher
CIO_f_linebuffer
CIO_f_md
CIO_f_nbio_test
CIO_f_null
CIO_f_reliable
CIO_fd_non_fatal_error
CIO_fd_should_retry
CIO_find_type
CIO_free
CIO_free_all
CIO_get_accept_socket
CIO_get_callback
CIO_get_callback_arg
CIO_get_data
CIO_get_ex_data
CIO_get_host_ip
CIO_get_init
CIO_get_new_index
CIO_get_port
CIO_get_retry_BIO
CIO_get_retry_reason
CIO_get_shutdown
CIO_gethostbyname
CIO_gets
CIO_hex_string
CIO_indent
CIO_int_ctrl
CIO_listen
CIO_lookup
CIO_meth_free
CIO_meth_get_callback_ctrl
CIO_meth_get_create
CIO_meth_get_ctrl
CIO_meth_get_destroy
CIO_meth_get_gets
CIO_meth_get_puts
CIO_meth_get_read
CIO_meth_get_write
CIO_meth_new
CIO_meth_set_callback_ctrl
CIO_meth_set_create
CIO_meth_set_ctrl
CIO_meth_set_destroy
CIO_meth_set_gets
CIO_meth_set_puts
CIO_meth_set_read
CIO_meth_set_write
CIO_method_name
CIO_method_type
CIO_new
CIO_new_CMS
CIO_new_NDEF
CIO_new_PKCS7
CIO_new_accept
CIO_new_bio_pair
CIO_new_connect
CIO_new_dgram
CIO_new_fd
CIO_new_file
CIO_new_fp
CIO_new_mem_buf
CIO_new_socket
CIO_next
CIO_nread
CIO_nread0
CIO_number_read
CIO_number_written
CIO_nwrite
CIO_nwrite0
CIO_parse_hostserv
CIO_pop
CIO_printf
CIO_ptr_ctrl
CIO_push
CIO_puts
CIO_read
CIO_s_accept
CIO_s_bio
CIO_s_connect
CIO_s_datagram
CIO_s_fd
CIO_s_file
CIO_s_mem
CIO_s_null
CIO_s_secmem
CIO_s_socket
CIO_set_callback
CIO_set_callback_arg
CIO_set_cipher
CIO_set_data
CIO_set_ex_data
CIO_set_flags
CIO_set_init
CIO_set_next
CIO_set_retry_reason
CIO_set_shutdown
CIO_set_tcp_ndelay
CIO_snprintf
CIO_sock_error
CIO_sock_info
CIO_sock_init
CIO_sock_non_fatal_error
CIO_sock_should_retry
CIO_socket
CIO_socket_ioctl
CIO_socket_nbio
CIO_test_flags
CIO_up_ref
CIO_vfree
CIO_vprintf
CIO_vsnprintf
CIO_write
CN_BLINDING_convert
CN_BLINDING_convert_ex
CN_BLINDING_create_param
CN_BLINDING_free
CN_BLINDING_get_flags
CN_BLINDING_invert
CN_BLINDING_invert_ex
CN_BLINDING_is_current_thread
CN_BLINDING_lock
CN_BLINDING_new
CN_BLINDING_set_current_thread
CN_BLINDING_set_flags
CN_BLINDING_unlock
CN_BLINDING_update
CN_CTX_end
CN_CTX_free
CN_CTX_get
CN_CTX_new
CN_CTX_secure_new
CN_CTX_start
CN_GENCB_call
CN_GENCB_free
CN_GENCB_get_arg
CN_GENCB_new
CN_GENCB_set
CN_GENCB_set_old
CN_GF2m_add
CN_GF2m_arr2poly
CN_GF2m_mod
CN_GF2m_mod_arr
CN_GF2m_mod_div
CN_GF2m_mod_div_arr
CN_GF2m_mod_exp
CN_GF2m_mod_exp_arr
CN_GF2m_mod_inv
CN_GF2m_mod_inv_arr
CN_GF2m_mod_mul
CN_GF2m_mod_mul_arr
CN_GF2m_mod_solve_quad
CN_GF2m_mod_solve_quad_arr
CN_GF2m_mod_sqr
CN_GF2m_mod_sqr_arr
CN_GF2m_mod_sqrt
CN_GF2m_mod_sqrt_arr
CN_GF2m_poly2arr
CN_MONT_CTX_copy
CN_MONT_CTX_free
CN_MONT_CTX_new
CN_MONT_CTX_set
CN_MONT_CTX_set_locked
CN_RECP_CTX_free
CN_RECP_CTX_new
CN_RECP_CTX_set
CN_X931_derive_prime_ex
CN_X931_generate_Xpq
CN_X931_generate_prime_ex
CN_abs_is_word
CN_add
CN_add_word
CN_asc2bn
CN_bin2bn
CN_bn2bin
CN_bn2binpad
CN_bn2dec
CN_bn2hex
CN_bn2lebinpad
CN_bn2mpi

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 804KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
launcher.bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f25ba11cc2f9d886b0989a9c392d11cc

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 804KB - Virtual size: 801KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 804KB - Virtual size: 801KB

.reloc
Size: 47KB - Virtual size: 46KB